Truststore given by AAF is only giving ONAP root_ca.
In order to have access to other platforms, we must also have all the
other ones.
As ONAP root ÇA and all known CAs are present in truststore All, let's
use it.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I551b8e4a316dcf4f2dee1bf6c45327496a488cdd
- |
export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE=file://$cadi_keystore
export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
export TRUSTSTORE=file://$cadi_truststore
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
cadiLatitude: {{ $initRoot.cadi.latitude }}
cadiLongitude: {{ $initRoot.cadi.longitude }}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- if $dot.Values.global.aafEnabled }}
- name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
{{- end }}
{{- end }}
{{- end -}}
enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
- certificates:
- path: /etc/ssl/certs
- share_path: /usr/local/share/ca-certificates/
-
#################################################################
# AAF part
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- trustStoreAllPass: changeit
+ qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000
permission_group: 999
-aaf:
- trustore: org.onap.so.trust.jks
- keyFile: org.onap.so.keyfile
-
#################################################################
# Application configuration defaults.
#################################################################
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/